addProd.php
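<?php
/**
 * addProd.php - admin-only form handler that stores a new product.
 *
 * Reads the product fields from $_POST, makes sure the named category exists
 * (creating it when absent), inserts the product, links it to the category via
 * PRODUCT_CATEGORY, and then sends the browser back to admin.php.
 *
 * Every SQL statement uses a prepared statement with bound parameters: all
 * values come straight from the request and must never be concatenated into
 * SQL text.
 */
session_start();

// NOTE(review): clearing the session username on every request looks
// unintended for an admin action; kept as in the original - confirm.
$_SESSION["username"] = "";

// Fail closed: a missing, empty or non-numeric isAdmin flag is treated as 0.
$isAdmin = isset($_SESSION["isAdmin"]) ? (int) $_SESSION["isAdmin"] : 0;
if ($isAdmin === 0) {
    header("Refresh:0; url=index.php");
    exit;
}

// NOTE(review): this handler changes state from $_POST but checks neither the
// request method nor an anti-CSRF token; none is visible in this file -
// confirm whether the form/page layer enforces one.

require "Query.php";
Query::connectDatabase();

// A field is "missing" when it is absent, not a plain string, or blank.
// (empty() would also reject a legitimate "0", e.g. a 0% discount.)
$required = array(
    'prodName', 'description', 'distInfo', 'warrant-stat', 'model-num',
    'price', 'discPercentage', 'stock', 'category',
);
$input = array();
$hasEmptyField = false;
foreach ($required as $field) {
    $value = isset($_POST[$field]) ? $_POST[$field] : null;
    if (!is_string($value) || trim($value) === '') {
        $hasEmptyField = true;
        $value = '';
    }
    $input[$field] = $value;
}

$product        = $input['prodName'];
$description    = $input['description'];
$distInfo       = $input['distInfo'];
$warrant        = $input['warrant-stat'];
$model          = $input['model-num'];
$price          = $input['price'];
$discPercentage = $input['discPercentage'];
$stock          = $input['stock'];
$category       = $input['category'];

// NOTE(review): price, discount and stock are bound as strings, exactly as the
// original quoted literals were; consider validating them as numbers before
// they reach the database.

/**
 * Runs a single-column, single-parameter lookup and returns the first value,
 * or null when the statement cannot be prepared/executed or no row matches.
 */
$fetchId = function ($conn, $sql, $value) {
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $value);
    $id = null;
    if ($stmt->execute()) {
        $stmt->bind_result($id);
        // fetch() yields true only when a row was read into $id.
        if ($stmt->fetch() !== true) {
            $id = null;
        }
    }
    $stmt->close();
    return $id;
};

if ($hasEmptyField) {
    echo "<script>alert('You have an empty field.');</script>";
    // Echo the submitted values back for inspection, HTML-escaped so request
    // data cannot inject markup or script into the page. No redirect here.
    echo htmlspecialchars(
        $product . $description . $distInfo . $warrant . $model . $price . $discPercentage . $stock,
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
} else {
    // Send the redirect header before any output so it is not lost when
    // output buffering is off.
    header("Refresh:0; url=admin.php");

    $added = false;
    try {
        $conn = Query::$conn;
        $categoryLookup = "SELECT cid FROM CATEGORY WHERE cname = ? LIMIT 1";

        // Find the category, creating it first when it does not exist yet.
        $catID = $fetchId($conn, $categoryLookup, $category);
        if ($catID === null) {
            $stmt = $conn->prepare("INSERT INTO CATEGORY (cname) VALUES (?)");
            if ($stmt !== false) {
                $stmt->bind_param('s', $category);
                $stmt->execute();
                $stmt->close();
            }
            $catID = $fetchId($conn, $categoryLookup, $category);
        }

        // Without a category id the product could not be linked, so it is
        // not inserted at all and the request is reported as an error.
        if ($catID !== null) {
            $stmt = $conn->prepare(
                "INSERT INTO PRODUCTS (pname, description, dist_info, warranty_status, model_number, price, discount, stock_quantity) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"
            );
            if ($stmt !== false) {
                $stmt->bind_param(
                    'ssssssss',
                    $product, $description, $distInfo, $warrant,
                    $model, $price, $discPercentage, $stock
                );
                $added = $stmt->execute();
                $stmt->close();
            }
        }

        if ($added) {
            // NOTE(review): looking the new row up by name returns an arbitrary
            // match when product names repeat; if pid is auto-generated,
            // $conn->insert_id would identify the new row exactly - confirm
            // against the schema.
            $pid = $fetchId($conn, "SELECT pid FROM PRODUCTS WHERE pname = ? LIMIT 1", $product);
            $linked = false;
            if ($pid !== null) {
                $stmt = $conn->prepare("INSERT INTO PRODUCT_CATEGORY (pid, cid) VALUES (?, ?)");
                if ($stmt !== false) {
                    $stmt->bind_param('ss', $pid, $catID);
                    $linked = $stmt->execute();
                    $stmt->close();
                }
            }
            if (!$linked) {
                error_log('addProd.php: product stored but category link failed');
            }
        }
    } catch (mysqli_sql_exception $e) {
        // Keep database details out of the response; log them server-side.
        error_log('addProd.php: ' . $e->getMessage());
    }

    if ($added) {
        echo "<script>alert('Product Added!');</script>";
    } else {
        echo "<script>alert('error');</script>";
    }
}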